Received: by 2002:a05:6a10:8395:0:0:0:0 with SMTP id n21csp522174pxh; Tue, 9 Nov 2021 14:38:22 -0800 (PST) X-Google-Smtp-Source: ABdhPJzarO2A7qDSw8QNiKhFRShAHBIVHhe7LqdmqFvoI34UIXTzxBG1WVyZnLJboQrXI00o5SeL X-Received: by 2002:a17:907:3e8a:: with SMTP id hs10mr14586195ejc.404.1636497502345; Tue, 09 Nov 2021 14:38:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1636497502; cv=none; d=google.com; s=arc-20160816; b=ohFHJgtPrIdwQV1c24GmEAyi4PXVZEcRTCIr3bAwCeG1fxJUV0YJiEN7B5dheAs8cp U2Q3gu6EEGziix6hP4GaQRbK9uAf4R+8X/uEwqzLUXbp/8WP3Ih+o8aP36JxnvSOTAd2 VOrKPKCa0ZE4HddXX8rGv5TNC0K29/jYxZVozFpxTLNjqVEE9L+eV8VIzysDqWdppNGj nTK1JEjJTtZ+qXXR2q5TppNqBSAjbeHBcBsehOTYXymAHzxCdy3u0Pp7GubZrrXbGHo5 IxiCEV8LpgJHVxt4wMuMsafiiqAYCb1paTBLwxE4GsB0kOvXebwuW9DYBVye8RkQSZjL tNyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-filter; bh=7Yfhs6mgnlAbRfDJtqysXWuoXj0URoLB6EAUKOJhcUo=; b=cozZ1ElN1cQA/boZLe20aGFkb0L43eVtvu/oEnl1T9irHTdur96vo+DiiopmDt/jdy LWAHmHzhyt4iOwuqU+p8ub8ha30K+4HNCrzexzYPCs/sAQc9bUWYxSaM7rEdhmmzgQJu zmtsEtVHzwGjdzNB4hUQFi8kIMyWp1FJkqw23kPFJB2FmuTpS31hgok+kHvqjX4wymYd wHXv6amaaS4sLJOUpzO4eK730Vv+oLP6gbJKnjjnlhXdyqHZJ/YW3N/A+QM99vsSNs48 mNZ/CuvE253L2Zr1KrwbudMoUGEJhR7A5wrVhS4UrTOlmn8D1kCCA3+M5VXhGWtsnrKD Bejw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@fieldses.org header.s=default header.b="F/j1fnRL"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ga16si37525242ejc.172.2021.11.09.14.37.41; Tue, 09 Nov 2021 14:38:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@fieldses.org header.s=default header.b="F/j1fnRL"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238356AbhKIRX7 (ORCPT + 99 others); Tue, 9 Nov 2021 12:23:59 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40044 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237296AbhKIRX7 (ORCPT ); Tue, 9 Nov 2021 12:23:59 -0500 Received: from fieldses.org (fieldses.org [IPv6:2600:3c00:e000:2f7::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 26124C061764; Tue, 9 Nov 2021 09:21:13 -0800 (PST) Received: by fieldses.org (Postfix, from userid 2815) id 974F7A80; Tue, 9 Nov 2021 12:21:11 -0500 (EST) DKIM-Filter: OpenDKIM Filter v2.11.0 fieldses.org 974F7A80 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fieldses.org; s=default; t=1636478471; bh=7Yfhs6mgnlAbRfDJtqysXWuoXj0URoLB6EAUKOJhcUo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=F/j1fnRLd7T2nDlO4VRk53OAJPUuArhmrTcTA33IWgZrQ2Zu4ojzg9ng6mgl8O44i buWApg3fqk90hJemS9xChQ62jrufahKwuwiy+BQ7bjQFYMWG2TOvfT558Uvjc9IAmd f/YrFzNAhUTOqxATZRYin11SScH2fAr+fCdV5pN0= Date: Tue, 9 Nov 2021 12:21:11 -0500 From: "bfields@fieldses.org" To: "wanghai (M)" Cc: Trond Myklebust , "neilb@suse.com" , "jakub.kicinski@netronome.com" , "willy@infradead.org" , "tyhicks@canonical.com" , "davem@davemloft.net" , "nicolas.dichtel@6wind.com" , "linux-kernel@vger.kernel.org" , "edumazet@google.com" , "jlayton@kernel.org" , "ast@kernel.org" , "christian.brauner@ubuntu.com" , "chuck.lever@oracle.com" , "linux-nfs@vger.kernel.org" , "viro@zeniv.linux.org.uk" , "anna.schumaker@netapp.com" , "tom@talpey.com" , "kuba@kernel.org" , "cong.wang@bytedance.com" , "dsahern@gmail.com" , "timo@rothenpieler.org" , "jiang.wang@bytedance.com" , "kuniyu@amazon.co.jp" , "netdev@vger.kernel.org" , "Rao.Shoaib@oracle.com" , "wenbin.zeng@gmail.com" , "kolga@netapp.com" Subject: Re: [PATCH net 2/2] auth_gss: Fix deadlock that blocks rpcsec_gss_exit_net when use-gss-proxy==1 Message-ID: <20211109172111.GA5227@fieldses.org> References: <20210928134952.GA25415@fieldses.org> <77051a059fa19a7ae2390fbda7f8ab6f09514dfc.camel@hammerspace.com> <20210928141718.GC25415@fieldses.org> <20210928145747.GD25415@fieldses.org> <8b0e774bdb534c69b0612103acbe61c628fde9b1.camel@hammerspace.com> <20210928154300.GE25415@fieldses.org> <20210929211211.GC20707@fieldses.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Thu, Sep 30, 2021 at 09:56:03AM +0800, wanghai (M) wrote: > > 在 2021/9/30 5:12, bfields@fieldses.org 写道: > >On Tue, Sep 28, 2021 at 11:43:00AM -0400, bfields@fieldses.org wrote: > >>On Tue, Sep 28, 2021 at 03:36:58PM +0000, Trond Myklebust wrote: > >>>What is the use case here? Starting the gssd daemon or knfsd in > >>>separate chrooted environments? We already know that they have to be > >>>started in the same net namespace, which pretty much ensures it has to > >>>be the same container. > >>Somehow I forgot that knfsd startup is happening in some real process's > >>context too (not just a kthread). > >> > >>OK, great, I agree, that sounds like it should work. Ugh, took me a while to get back to this and I went down a couple dead ends. The result from selinux's point of view is that rpc.nfsd is doing things it previously only expected gssproxy to do. Fixable with an update to selinux policy. And easily fixed in the meantime by cut-and-pasting the suggestions from the logs. Still, the result's that mounts fail when you update the kernel, which seems a violation of our usual rules about regressions. I'd like to do better. --b.